From 7691e7df32baefdea20823507ca8597580baa393 Mon Sep 17 00:00:00 2001
From: bert hubert <bert.hubert@netherlabs.nl>
Date: Sun, 22 Nov 2015 17:01:51 +0100
Subject: [PATCH] as noted by winfried, we could end up using same hash on
 packets in multiple places, leading to "hot" CPUs on some nodes. Turned out
 we perturbed the hash already on the side of pdns_recursor, but this adds
 perturbation to dnsdist too.

---
 pdns/dnsdist.cc | 14 +++++++++++++-
 pdns/dnsname.hh |  4 ++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index d745343c4..ec201a35f 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -297,9 +297,10 @@ shared_ptr<DownstreamState> wrandom(const NumberedServerVector& servers, const C
   return valrandom(random(), servers, remote, qname, qtype, dh);
 }
 
+static uint32_t g_hashperturb;
 shared_ptr<DownstreamState> whashed(const NumberedServerVector& servers, const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh)
 {
-  return valrandom(qname.hash(), servers, remote, qname, qtype, dh);
+  return valrandom(qname.hash(g_hashperturb), servers, remote, qname, qtype, dh);
 }
 
 
@@ -1076,11 +1077,22 @@ try
   openlog("dnsdist", LOG_PID, LOG_DAEMON);
   g_console=true;
 
+
 #ifdef HAVE_LIBSODIUM
   if (sodium_init() == -1) {
     cerr<<"Unable to initialize crypto library"<<endl;
     exit(EXIT_FAILURE);
   }
+  g_hashperturb=randombytes_uniform(0xffffffff);
+  srandom(randombytes_uniform(0xffffffff));
+#else
+  {
+    struct timeval tv;
+    gettimeofday(&tv, 0);
+    srandom(tv.tv_sec ^ tv.tv_usec ^ getpid());
+    g_hashperturb=random();
+  }
+  
 #endif
   g_cmdLine.config=SYSCONFDIR "/dnsdist.conf";
   struct option longopts[]={ 
diff --git a/pdns/dnsname.hh b/pdns/dnsname.hh
index c3016c627..e77c10818 100644
--- a/pdns/dnsname.hh
+++ b/pdns/dnsname.hh
@@ -55,9 +55,9 @@ public:
   bool isRoot() const { return d_storage.size()==1 && d_storage[0]==0; }
   void clear() { d_storage.clear(); }
   void trimToLabels(unsigned int);
-  size_t hash() const
+  size_t hash(size_t init=0) const
   {
-    return burtleCI((const unsigned char*)d_storage.c_str(), d_storage.size(), 0);
+    return burtleCI((const unsigned char*)d_storage.c_str(), d_storage.size(), init);
   }
   DNSName& operator+=(const DNSName& rhs)
   {
-- 
2.40.0